I'm on beta2 right now (going to 3 in short order). But I was curious as to what this option does. The wiki says: You can limit rules to specific IP addresses.

My goal is to forward one port as securely as possible - I'd like to limit access to one specific IP address if possible. I figured that the "Limit to IP" was the way to do that, so I specified it as the target IP. With it set I was still able to see the port as open from IPs that weren't specified (www.grc.com).

Am I misunderstanding that option's purpose or do I have something misconfigured?

I have also been experiencing Firewall issues. I asked the forum at this post: http://forum.linuxmce.org/index.php?topic=3890.0 but I have not gotten a response. I had not tried Beta2, so I do not know if my problem exists in Beta2, but I am not able to get any Firewall changes loaded via Admin in Beta3.

So I'm on beta3 32bit now, and it still seems to not "limit to IP" on the IP I specify. I think I'm going to opt to stop forwarding ports for now. For the record, it should be possible to block all traffic on an open port except for an IP I specify, correct? I'd rather not leave threat filtering up to my novice ability at administering a private svn server with apache if I have a choice to do it through the firewall menu.

iptables -t nat -xvnL

Third, I've looked over the code and this couldn't have worked. If I'm looking in the right place, this bug is _ancient_. The line I'm referring to is in /usr/pluto/bin/Network_Firewall.sh, the script responsible for applying the firewall rules, at line 136. Now, that line was last modified at revision 545. What I noticed there was this:

Now, my iptables -t nat -xvnL shows that a filter for the source IP is applied, as it should. I also checked the other calls to ForwardPort and OpenPort to make sure this parameter is correct, and this is the only place without it.

Please try out my change and let me know if it fixes your issues. It has already been committed to SVN.

Changed the script as instructed, seems to have solved my issue. Using "iptables -t nat -xvnL" without the change, I was reading the source as 0.0.0.0/0 when I applied the firewall rule in web admin. After the change, the source correctly shows the IP I specified under "Limit to IP" when I reapplied the rule.
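The check described in the posts above (the source column reading 0.0.0.0/0 before the script change and the "Limit to IP" address after it) can be scripted over `iptables -t nat -xvnL` output. This is an added example, not part of the original posts or of the LinuxMCE scripts; the function name, port 8443, interface and addresses are constructed, and it assumes the forward shows up as a DNAT rule in the usual verbose column layout.

```shell
#!/bin/sh
# Added example (not LinuxMCE code). On a live router, as root:
#   iptables -t nat -xvnL | check_forward_source <port> <allowed-ip>
# Prints one line per DNAT rule for the port.
# Exit status: 0 = every rule is limited to the expected source,
#              1 = at least one rule is open or limited to another source,
#              2 = no DNAT rule for that port was found.
check_forward_source() {
    awk -v port="$1" -v want="$2" '
        BEGIN { sub(/\/32$/, "", want) }
        $3 == "DNAT" {
            hit = 0; to = "?"
            # Fields after "destination" hold the match and the target.
            for (i = 10; i <= NF; i++) {
                if ($i == ("dpt:" port)) hit = 1
                if ($i ~ /^to:/) to = substr($i, 4)
            }
            if (!hit) next
            found++
            src = $8; sub(/\/32$/, "", src)
            if (src == want)             status = "OK"
            else if (src == "0.0.0.0/0") { status = "OPEN"; bad++ }
            else                         { status = "MISMATCH"; bad++ }
            printf "%s source=%s -> %s\n", status, $8, to
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample output: rule without the source filter (as seen before the fix).
sample_before() { cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443 to:192.168.80.2:443
EOF
}

# Constructed sample output: same rule with the source filter applied.
sample_after() { cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  eth0   *       203.0.113.10         0.0.0.0/0            tcp dpt:8443 to:192.168.80.2:443
EOF
}

for s in sample_before sample_after; do
    rc=0
    $s | check_forward_source 8443 203.0.113.10 || rc=$?
    echo "$s: exit $rc"
done
```

Running it after every change in the web admin catches a rule that was saved with "Limit to IP" set but applied with an unrestricted source.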

2) There is still no answer to what "Limit to IP" does - I want to know this too, as I will have to be opening ports for xbox live use.

So, what is the difference between the destination IP address, and the "Limit to:" IP address in the firewall settings? Also, can you specify a range of IP addresses to forward ports on? (I.e. open UDP port 88 on all IP addresses, or from 192.168.80.140-192.168.80.145?)